Checkmarx Blog


SAST vs WAF – 5 Reasons To Opt For SAST

Jun 03, 2015 By Sharon Solomon | With the industrialization of cybercrime and rise in hacking severity, the value of traditional application security techniques is imploding. The Web Application Firewall (WAF), considered as a go-to security solution until not long ago, is currently experiencing a constant erosion in its effectiveness. On the other hand, Static Application Security Testing (SAST) solutions are gaining momentum.  
Read More »
Proactive AppSec

The Ten Commandments of Proactive Application Security

May 29, 2015 By Sarah Vonnegut | When you’re constantly reacting to suspicious alerts and fixing vulnerabilities only after they’ve been exploited, you’re missing the point of application security.   Application security, according to Wikipedia, “encompasses the measures taken throughout the code’s life-cycle to prevent gaps in the security policy of an application or the underlying vulnerabilities… of the application.” The practice of application security, at its core, exists solely to protect the data of an organization’s applications and, more importantly, the organization itself.  
Read More »
Android App Vuln.

Android Application Security Sucks! Here’s what to do about it

May 26, 2015 By Amit Ashbel | Brought to you by Appsec Labs and Checkmarx.  Android Platform Security Essentials Android…. It is no longer just a mobile phone. Nowadays Android applications are running anywhere and everywhere. Home Appliances, watches, TVs, car applications and with the Internet of Things kicking in quickly, Android applications will probably become even more prevalent in our lives.
Read More »
cyber security blogs

29 Cyber Security Blogs You Should Be Reading

May 21, 2015 By Sarah Vonnegut | Staying up-to-date is important for lots of reasons, but when you’re a Cyber Security professional, knowing about the latest tech, breaches, vulnerabilities,etc. is pretty much essential to your career. If you miss out on an important piece of news, your organization could miss out on much more.   More than just knowing what’s going on, though, keeping current in cyber security news is an opportunity to absorb and uncover innovative ideas surrounding InfoSec and the way you do your job.
Read More »
Automated Application Security Testing

Application Security Testing – Automated Vs Manual

May 19, 2015 By Sharon Solomon | The massive rise in the number of web and mobile applications in recent years has indirectly led to an inferno of cybercrime that aims to exploit application-layer vulnerabilities. Organizations have a wide range of security products at their disposal today, but they are often unable to decide between automated and manual application security testing. This article aims at providing an in-depth comparison between the two methodologies.
Read More »

Inflight Security is more than just a life vest

May 19, 2015 By Amit Ashbel | Are you afraid of flying? The following information won’t make you feel any safer. Inflight Entertainment systems (IFE) have evolved significantly over the years. Nowadays you can actually connect via your own mobile device to the IFE system and watch TV series, movies or just listen to music and see the flight status. Sounds good, right? Well, yes and no. We all agree that flights should include some kind of entertainment to “survive” these hours of boredom on the flying metal box. However should airlines risk flight security for the latest Box office blockbuster?  
Read More »
AppSec Metrics

Application Security Metrics: Where (And Why) To Begin?

May 15, 2015 By Sarah Vonnegut | A wise man once said, “to measure is to know…if you cannot measure it, you cannot improve it.” When it comes to application security, measurements are crucial to the success of your program. But determining how to best combine your measurements into metrics which show your programs value is much more important.
As a CISO or the like, you lead a team that the business absolutely depends on. Unfortunately, information security in general and application security in specific have a hard time gaining support, even if the latest Verizon Data Breach Investigation Report noted that 75% of web app attacks are financially motivated, and that application security falls “squarely under ‘the cost of doing business.’
Read More »

Starbucks Application Breach #2

May 14, 2015 By Amit Ashbel | What was stolen?
A new attack on the Starbucks Mobile Payment Application was launched. Criminals have been breaking into individual customer rewards accounts and transferring funds to other accounts.
How was the attack executed?
Read More »
Code Injections

5 Deadly Code Injections That Can Obliterate Your Application

May 13, 2015 By Sharon Solomon | Cybercrime has evolved significantly over the years. While initially based mainly on social engineering and phishing, hackers today implement a wide range of techniques to exploit vulnerable applications with porous code. Code injections have arguably become the weapons of choice for hackers and are constantly being used to perform high-profile hackings worldwide.     
Read More »
6 Tips for Ensuring Your AppSec Program

6 Tips for Ensuring Your Application Security Program Isn’t a Flop

May 08, 2015 By Sarah Vonnegut | Baking security in to our applications is just not an option anymore. The explosion of the number of applications within organizations, coupled with the constant breaches we hear about (and the many more we don’t) don’t allow room for complacency when it comes to securing your organization and customer data.   Yet CISOs and security managers still struggle to receive the support and buy-in for basic application security practices while developers are still making careless security mistakes, all because application security is still not being taken seriously enough.   One of the best ways of getting the organization’s support towards AppSec is coming to the board with a clear, measurable program in place.  And even with an AppSec program in place, it’s difficult to know if you’re “doing it right.” Here we offer six points of attention any security practitioner either implementing or designing an application security program should heed.
Read More »

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.